December 27, 2011

Lately in my server logs I’ve been seeing a lot of attempts to hack into WordPress. The hackers appear to have automated means of working well-known exploits, such as those against timthumb.php and phpMyAdmin, but I’ve also seen persistent efforts at brute-force login attacks using a big password set. A lot has been written about the exploits, and patches exist for them that you can find elsewhere, but the simple way I avoid the most common brute-force login hackers out of the gate is to not even have the well-known WordPress login script wp-login.php visible.